CVE-2024-3738 HIGH

CVE-2024-3738: cym1102 nginxWebUI saveCmd handlePath certificate validation

Vendor Cym1102

Product nginxWebUI

Weakness CWE-295

Published April 13, 2024

Last update September 3, 2024

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

Description

A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability.

Key dates

Disclosure timeline

April 13, 2024 CVE published

September 3, 2024 Record updated

Identifiers

CVE CVE-2024-3738

CWE CWE-295

CVSS 7.3 / HIGH

Affected versions

Vendor Cym1102

Product nginxWebUI

Affected 3.9.0

Vendor Cym1102

Product nginxWebUI

Affected 3.9.1

Vendor Cym1102

Product nginxWebUI

Affected 3.9.2

Vendor Cym1102

Product nginxWebUI

Affected 3.9.3

Vendor Cym1102

Product nginxWebUI

Affected 3.9.4

Vendor Cym1102

Product nginxWebUI

Affected 3.9.5

Vendor Cym1102

Product nginxWebUI

Affected 3.9.6

Vendor Cym1102

Product nginxWebUI

Affected 3.9.7

Vendor Cym1102

Product nginxWebUI

Affected 3.9.8

Vendor Cym1102

Product nginxWebUI

Affected 3.9.9